Program analysis

  • A better name for “object-sensitivity” might have been “allocation-site sensitivity”.
  • What is the relationship between taint tracking and DFA?
    • Taint tracking is a subset of DFA
  • DFA vs. DFG vs. DDA vs. DDG?
    • Data Flow Analysis takes an (i)CFG as input; its output is, for each program point in the (i)CFG, the pre-state and post-state in an abstract domain.
    • Data Flow Graphs are sometimes used in contexts outside program analysis. A DFG is basically a way to represent a value-oriented computation process (i.e. normal program concepts such as variables and functions are typically not part of such a DFG).
    • Data Dependency Analysis is a subset of Dependency Analysis, which is about dependencies between pairs of statements. Again, it is mostly used in the compiler domain, outside program analysis.
    • The Data Dependency Graph is just the output of the DDA.
    • Object Flow Graph: basically an enhancement of DFA for OOP features.
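
An added example (not part of the original notes): taint tracking written as a forward data flow analysis, showing the CFG as input and a pre-state and post-state per program point as output. The CFG, its node names, and the `SOURCE` marker are constructed for illustration; the abstract domain is the set of possibly tainted variables.

```python
from collections import deque

# Constructed CFG: node -> (statement, successors). A statement is
# (target, operands); the operand "SOURCE" stands for untrusted input,
# and an empty operand list is a constant assignment.
CFG = {
    "entry": (None, ["n1"]),
    "n1": (("x", ["SOURCE"]), ["n2"]),   # x = source()
    "n2": (("y", []), ["n3", "n4"]),     # y = 0; branch
    "n3": (("y", ["x"]), ["n5"]),        # y = x
    "n4": (("x", []), ["n5"]),           # x = 1 (kills taint on this path only)
    "n5": (("z", ["y"]), ["exit"]),      # z = y
    "exit": (None, []),
}

def transfer(stmt, pre):
    """Post-state of one statement: kill the target, gen it if an operand is tainted."""
    if stmt is None:
        return pre
    target, operands = stmt
    post = pre - {target}
    if any(op == "SOURCE" or op in pre for op in operands):
        post = post | {target}
    return post

def analyze(cfg):
    """Forward may-analysis over the powerset of variables; join is set union."""
    pre = {n: frozenset() for n in cfg}
    post = {n: frozenset() for n in cfg}
    preds = {n: [] for n in cfg}
    for n, (_, succs) in cfg.items():
        for s in succs:
            preds[s].append(n)
    work = deque(cfg)                    # worklist, seeded with every node
    while work:
        n = work.popleft()
        pre[n] = frozenset().union(*(post[p] for p in preds[n]))
        new_post = frozenset(transfer(cfg[n][0], pre[n]))
        if new_post != post[n]:          # state grew: revisit successors
            post[n] = new_post
            work.extend(cfg[n][1])
    return pre, post

if __name__ == "__main__":
    pre, post = analyze(CFG)
    for n in CFG:
        print(f"{n:5} pre={sorted(pre[n])} post={sorted(post[n])}")
```

At the join node `n5`, `x` is still reported as tainted because the analysis is path-insensitive: the kill on the `n4` branch is merged with the surviving taint from `n3`.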